This page illustrates how to configure Microsoft Azure Active Directory (AD) as the IdP for the Zscaler Admin SSO. Refer to the Azure documentation for additional information about the steps in the Azure portal. To learn how to do this for a user, see SAML Configuration Example: Microsoft Azure Active Directory.

As there is no predefined app for Zscaler Admin SSO on Azure, a non-gallery application will be used to integrate Microsoft Azure Active Directory with Zscaler for Admin Single Sign-On (SSO).

Prerequisites

Ensure that you have the following before you start configuring Azure AD as the IdP:

The certificate file name has a .pem extension, as the Zscaler service only accepts certificates with the .pem extension. If it does not, rename it. For this example, you would rename it to Zscalertwo Admin SSO.pem.

Upload SSL certificate.
Click Upload.
Select Choose File to navigate to the public certificate that is used to verify the digital signature of the IdP. This is the base-64 encoded PEM format that you downloaded from the IdP. The file extension must be .pem without any other dots (.) in the file name. Then Upload your certificate.
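A pre-upload check for the two certificate rules above (a .pem extension with no other dots, and base-64 PEM content), as an added example that is not Zscaler or Microsoft code. The function names and sample bytes are constructed for illustration, and the content check is structural only: it does not validate the certificate itself.

```python
import base64
import binascii
import re

# One BEGIN/END CERTIFICATE block and nothing else in the file.
PEM_RE = re.compile(
    rb"\A\s*-----BEGIN CERTIFICATE-----\r?\n"
    rb"(?P<body>[A-Za-z0-9+/=\r\n]+)"
    rb"-----END CERTIFICATE-----\s*\Z"
)

# Constructed sample: DER-shaped placeholder bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x00\x40" + bytes(64)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")


def check_name(filename):
    """Problems with the file name; an empty list means it passes."""
    problems = []
    if not filename.endswith(".pem"):
        problems.append("extension is not .pem")
    if filename.count(".") > 1:
        problems.append("file name contains more than one dot")
    return problems


def check_content(data):
    """Problems with the file bytes; an empty list means it passes."""
    # 0x30 is the DER SEQUENCE tag a binary certificate starts with.
    if data[:1] == b"\x30":
        return ["file is binary DER; renaming it to .pem does not convert it"]
    match = PEM_RE.match(data)
    if match is None:
        return ["expected exactly one BEGIN/END CERTIFICATE block"]
    try:
        der = base64.b64decode(b"".join(match["body"].split()), validate=True)
    except binascii.Error:
        return ["certificate body is not valid base-64"]
    if der[:1] != b"\x30":
        return ["decoded body does not start with a DER SEQUENCE"]
    return []


if __name__ == "__main__":
    for name, data in [("Zscalertwo Admin SSO.pem", SAMPLE_PEM),
                       ("Zscalertwo Admin SSO.cer", SAMPLE_DER),
                       ("idp.signing.pem", SAMPLE_PEM)]:
        print(name, check_name(name) + check_content(data) or "OK")
```

A file that fails the content check with the binary DER message needs to be re-downloaded from the IdP in base-64 form or converted, not just renamed.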